Most Active Speaker

Sergey Chubarov

Security Expert

Paço de Arcos, Portugal

Sergey Chubarov is a Security and Cloud Expert and Instructor with 15+ years' experience with Microsoft technologies.

His day-to-day job is to help companies securely embrace cloud technologies.

He has certifications and recognitions such as Microsoft MVP: Security, OSCP, OSEP, eCPPT, eCPTX, Microsoft Certified Trainer, MCT Regional Lead, EC Council CEH, CPENT, LPT, CCSE, CEI, CREST CPSA, CRT and more.

He is a frequent speaker at local and international conferences like Global Azure, DEF CON, Black Hat Europe, Wild West Hackin' Fest, Security BSides, Workplace Ninja, Midwest Management Summit, Hack in the Box, Hack in Paris, etc.

He prefers live demos and cyberattack simulations.

Area of Expertise

  • Information & Communications Technology

Topics

  • Microsoft 365
  • Microsoft Azure
  • Azure Security
  • Microsoft 365 Defender
  • Ethical Hacking
  • Azure Penetration Testing
  • Security
  • Office 365 Security
  • Enterprise Security
  • Security & Compliance
  • Cloud Security
  • Microsoft 365 Security

AMSI & CLM: acronyms that stop PowerShell attacks

PowerShell is a de facto scripting standard for administrative tasks on Windows. It's POWERful and already built in. This also makes it popular among attackers. To limit "unauthorized administration", Microsoft introduced a number of security features like Antimalware Scan Interface (AMSI) and Constrained Language Mode (CLM).

The session will lift the veil on those technologies, as well as demonstrate methods that can be used to bypass the protection. The session contains:

- Understanding AMSI
- Reverse engineering AMSI
- AMSI bypass methods
- Understanding CLM
- Dive into PowerShell runspaces
- CLM bypass methods

Behind the curtain of PowerShell cmdlets

PowerShell is widely used, but few think about how cmdlets work behind the scenes.
This knowledge allows IT administrators to find hidden capabilities even in built-in cmdlets, developers to create their own, and security engineers to better understand PowerShell-based attacks.

The session sheds light on well-known cmdlets and how to overcome some built-in limitations.

Demo-based session contains:
- Win32 API intro
- Monitoring Built-in Cmdlets API Calls
- Analyzing API Calls in the source code
- Abstract Win32 API functions with PSReflect
- Customize Built-in Cmdlets

Managed Identity for Hackers and Developers

There are so many managed cloud services today that it can be hard to follow what each is used for. This makes access management a critical area on which cloud security professionals should focus.

Managed identities provide an identity for applications to use when connecting to resources that support Microsoft Entra ID authentication.

As with any identity, this must be configured correctly; otherwise the identity may be compromised and a malicious actor can gain privileged access.

Session contains:
- Dive into Managed Identity and JWT tokens
- Azure resources enumeration
- Getting access to blob storage using compromised identity
- Retrieving Azure Key Vault secrets
- Extract data from SQL Database

Microsoft Defender for Office 365 evasion. The story of confirmed vulnerability

Microsoft Defender for Office 365 safeguards your organization against malicious threats posed by email messages, links (URLs), and collaboration tools.

Safe Attachments routes all messages and attachments that do not have a virus/malware signature to a special environment, and then uses machine learning and analysis techniques to detect malicious intent.
Safe Links provides time-of-click verification of URLs.
It sounds cool and, in fact, is a black box that we should completely trust.

The session opens this black box, based on the speaker's own research and discovered vulnerabilities.
The vulnerability was reported to, and confirmed by, Microsoft Security Research.

Live demos only.

Session contains:
- Testing malicious attachments. An example of attachments that are detected.
- Inside the sandbox. What is Safe Attachments from the inside and how does it work.
- Safe Attachments bypass. How the vulnerability was discovered.
- The fix. What did Microsoft do to fix the vulnerability.
- Testing malicious links. An example of links that are blocked.
- Safe Links bypass. How attackers can bypass the link protection.

The session will be of interest to everyone who is interested in cloud protection and uses the Microsoft 365 cloud.

Pentesting Azure Container Services

Containers are playing their role in digital transformation by providing fast deployment of cloud-native applications. Containers are also often viewed as secure, which is true. But how well are they really configured?

A demo-based session.

The session includes:
- Containers 101
- Backdooring Docker container images
- Poisoning images on Azure Container Registry
- Compromise containers on Azure Container Instances
- Compromise containers on Azure Kubernetes Service
- Vulnerability Assessment

Sneaky Defense Evasion. Windows 11 security bypassed

Today's cybercriminals have a hard time: antiviruses, whitelisting, intrusion detection systems, etc. are used by many companies around the world. However, the number of security incidents is on the rise. While defenders implement security features, attackers learn to bypass them. Defenders should also learn evasion techniques to keep up with attackers.

Get insights on Windows 11 security bypass in an advanced scenario-based session.

Live demos only.

The session contains:
- Preparing the payload. Microsoft Defender AV Evasion
- Downloading the payload. Attack Surface Reduction bypass
- Executing the payload. Abusing AppLocker configurations
- Covering the tracks. Ransomware vs Controlled Folder Access

Hack the domain with your favourite management tool

It is difficult to imagine deployment and management without such tools as Group Policy, Config Manager and Intune.
Since deployment and management tools have a high access level, they can become a double-edged sword.

The session covers how different service accounts can be compromised and used with malicious intent.
Recommendations on how to mitigate this will also be given.

The session contains:

- Warm-up: Getting Network Access Account credentials.
- Domain Join Account creds extraction.
- LAPS will improve your security. Maybe.
- The King of Them All: Compromising Client Push Account.
- Passwords in SQL database.
- Recommendations.

Navigating the Battlefield: Leveraging MITRE ATT&CK Tactics

The current threat landscape requires organizations to proactively detect and remediate vulnerabilities before attackers discover and exploit them. The MITRE ATT&CK framework acts as a repository of tactics, techniques, and procedures (TTPs) that security professionals use to understand the behavior of attackers. Using the MITRE ATT&CK knowledge base that maps external and internal TTPs, red teams can develop threat models and methodologies for more effective attacks. Researching TTPs through MITRE ATT&CK will enable analysts and defenders to better understand threats against their organizations or enterprises.

The session aims to better understand the importance of MITRE ATT&CK tactics in a live demo. The session will also demonstrate how Microsoft products use MITRE ATT&CK for SOC operations.

In the session:
- An introduction to MITRE ATT&CK tactics and techniques
- Designing a breach and attack simulation process with the help of MITRE ATT&CK
- How Microsoft 365 Defender and Microsoft Sentinel use MITRE ATT&CK

psconf.eu 2024 Sessionize Event Upcoming

June 2024 Antwerpen, Belgium

Experts Live Netherlands 2024 Sessionize Event Upcoming

June 2024 Nieuwegein, The Netherlands

DevSum 2024 Sessionize Event Upcoming

May 2024 Stockholm, Sweden

Midwest Management Summit 2024 Upcoming

May 2024 Minneapolis, Minnesota, United States

MODERN ENDPOINT MANAGEMENT EMEA SUMMIT 2024 Sessionize Event Upcoming

April 2024 Issy-les-Moulineaux, France

EC-Council Cyber Talks Mar 24

March 2024

EC-Council Cyber Talks Jan 24

January 2024

European MCT Summit 2024 Sessionize Event

January 2024 Rijswijk, The Netherlands

NDC Security 2024 Sessionize Event

January 2024 Oslo, Norway

ESPC23 - European SharePoint, Office 365 & Azure Conference Sessionize Event

November 2023 Amsterdam, The Netherlands

Techorama Netherlands 2023 Sessionize Event

October 2023 Utrecht, The Netherlands

Hack in Paris 2023

September 2023 Paris, France

Workplace Ninja Summit 2023 Sessionize Event

September 2023 Baden, Switzerland

Hexcon23

September 2023

MODERN ENDPOINT MANAGEMENT EMEA SUMMIT 2023 Sessionize Event

September 2023 Issy-les-Moulineaux, France

Experts Live Netherlands 2023 Sessionize Event

May 2023 's-Hertogenbosch, The Netherlands

Techorama 2023 Belgium Sessionize Event

May 2023 Antwerpen, Belgium

Midwest Management Summit 2023

May 2023 Minneapolis, Minnesota, United States

.NET Conference Armenia

January 2023 Yerevan, Armenia

Black Hat Europe 2022

December 2022 London, United Kingdom

CloudBrew 2022 - A two-day Microsoft Azure event Sessionize Event

November 2022 Mechelen, Belgium

Hacker Halted 2022

October 2022

Experts Live Netherlands 2022 Sessionize Event

September 2022 's-Hertogenbosch, The Netherlands

Cloud Identity Summit '22 Sessionize Event

September 2022 Bonn, Germany

HexCon 22

September 2022

WorkPlace Ninja Summit 2022 Sessionize Event

September 2022 Luzern, Switzerland

European MCT Summit 2022 Sessionize Event

September 2022 Zürich, Switzerland

psconf.eu 2022 Sessionize Event

June 2022 Vienna, Austria

Techorama 2022 BE Sessionize Event

May 2022 Antwerpen, Belgium

Microsoft 365 Virtual Marathon 2022 Sessionize Event

May 2022

Midwest Management Summit 2022

May 2022 Bloomington, Minnesota, United States

Teams Nation 2022 Sessionize Event

March 2022

Canadian Cloud Summit 2022 Sessionize Event

February 2022

MCT West Africa Cloud Bootcamp 2021 Sessionize Event

November 2021

HitB+ by Hack in the Box

November 2021 Abu Dhabi, United Arab Emirates

Azure Community Bootcamp Sessionize Event

November 2021

Midwest Management Summit 2021 Miami Beach Edition

October 2021 Miami Beach, Florida, United States

CollabDays New England - Microsoft 365 2021 Sessionize Event

October 2021 Burlington, Massachusetts, United States

BSides Cyprus 2021

October 2021

Virtual Azure Community Day #4 Sessionize Event

October 2021

Cloud Identity Summit '21 Sessionize Event

September 2021

BSides Barcelona 2021

September 2021

HexCon21 by HexNode

September 2021

BSides København 2021 Sessionize Event

September 2021

PowerShell, DevOps and Cloud Conference Sessionize Event

September 2021

Azure Summit Sessionize Event

September 2021

WorkPlace Ninja Virtual Edition 2021 Sessionize Event

August 2021

India Cloud Security Summit, 2021 Sessionize Event

August 2021

Cloud Native Days with Kubernetes Sessionize Event

August 2021

Azure Day Rome 2021 Sessionize Event

June 2021

BSides Athens 2021

Offensive Azure Security

June 2021

Wild West Hacking Fest

Offensive Azure Security

June 2021 Las Vegas, Nevada, United States

BSides Budapest 2021

Offensive Azure Security

May 2021

Techorama 2021 Spring Edition Sessionize Event

May 2021 Antwerpen, Belgium

M365 Philly Virtual 2021 Sessionize Event

May 2021

Cloud Lunch and Learn Marathon 2021 Sessionize Event

May 2021

Microsoft 365 Virtual Marathon Sessionize Event

April 2021

Global Azure Virtual 2021, Greece Sessionize Event

April 2021

Global Azure 2021-India Sessionize Event

April 2021

Global Azure Austria 2021 Sessionize Event

April 2021

Global Azure Virtual 2021 Sessionize Event

April 2021

Global Azure 2021 - Spain Sessionize Event

April 2021

MVPDays LIVE "Endpoint" Day Online 2021 Sessionize Event

April 2021

Security BSides Dublin 2021 Sessionize Event

March 2021

MCT Summit 2021 Sessionize Event

March 2021

Virtual Scottish Summit 2021 Sessionize Event

February 2021

Azure Saturday - Belgrade 2021 Sessionize Event

February 2021

Microsoft 365 Friday California 2021 Sessionize Event

January 2021

Modern Workplace Conference Paris 2021 Sessionize Event

January 2021 Paris, France

Constant Call for Speakers - MC2MC events

Offensive Azure Security

December 2020

IT Pro|Dev Connections 2020 Sessionize Event

December 2020

Virtual Azure Community Day Sessionize Event

December 2020

aMS Germany - 1/12/2020 Sessionize Event

December 2020 Aachen, Germany

Trust in Tech Cologne

Hackers won't pass - Microsoft Threat Protection

October 2020 Köln, Germany

CollabDays BeNeLux Online 2020 Sessionize Event

October 2020

WorkPlace Ninja Virtual Edition 2020 Sessionize Event

August 2020 Kloten, Switzerland

Microsoft 365 Virtual Marathon Sessionize Event

May 2020

MCT Global Summit 2019

The grey box. Office 365 ATP insides
A penny saved. Optimizing Azure costs

September 2019 Vilnius, Lithuania

TechMentor Microsoft HQ 2019 Sessionize Event

August 2019 Redmond, Washington, United States

TechMentor Microsoft HQ 2019

Hackers won’t pass. Microsoft 365 Identity & Threat Protection in action

August 2019 Redmond, Oregon, United States

Azure Global Bootcamp 2019

April 2019 Moscow, Russia

MCT NA Summit 2019

Hackers won't pass

March 2019 Bellevue, Washington, United States

MCT Global Summit 2018

To hack and protect with Azure
Hackers won’t pass. Microsoft 365 Identity & Threat Protection in action

October 2018 Köln, Germany

Azure Global Bootcamp 2018

Azure provided Security
Tips and tricks for Azure IaaS

April 2018 Moscow, Russia
